Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My laptop is slow to startup and I cannot uninstall the Orange toolbar


  • This topic is locked This topic is locked
11 replies to this topic

#1 Kevmany

Kevmany

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 01 January 2015 - 03:55 PM

Hi,

 

I have a the following spec of laptop: -

Operating System: Window 7 Ultimate

Architecture: 64-bit (x64)

CPU: AMD Turion X2 RM-72

RAM: 8GB

 

My laptop takes over 7 minutes to load into the desktop and I am unable to uninstall the Orange toolbar

as I get the following error trying to uninstall: -

"Orange3.dll cannot be unregistered"

I found a similar issue posted by a user on your website: -

http://www.bleepingcomputer.com/forums/t/252288/orange-toolbar-hijack-outlook-express/

 

I have Bitdefender Total Security installed and ran a full system scan which found nothing but cookies. I also ran a scan with Malware bytes Anti-Malware which found mainly PUP's, along with adaware and trojan.spyeyes which it quarantened. I also ran the Kaspersky online scan recommend in post above and it found nothing apart from other vulnerability issues on my laptop. I can upload any logs of these scans if you require them.
 

I have Bitdefender Total Security installed and ran a full system scan which found nothing but cookies. I also ran a scan with Malware bytes Anti-Malware which found mainly PUP's, along with adaware and trojan.spyeyes which it quarantened. I also ran the Kaspersky online scan recommend in post above and it found nothing apart from other vulnerability issues on my laptop. I can upload any logs of these scans if you require them.

I have Bitdefender Total Security installed and ran a full system scan which found nothing but cookies. I also ran a scan with Malware bytes Anti-Malware which found mainly PUP's, along with adaware and trojan.spyeyes which it quarantened. I also ran the Kaspersky online scan recommend in post above and it found nothing apart from other vulnerability issues on my laptop. I can upload any logs of these scans if you require them.
 

 

Please can you advise how I can speed up the performance of my laptop especially at startup and remove the orange toolbar?

 

Thanks,

 

Kevin


Edited by Kevmany, 01 January 2015 - 04:12 PM.


BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:32 AM

Posted 01 January 2015 - 05:13 PM

Hello Kevmany,

I did not notice if you mentioned what browser(s) that were affected by this Add-on ??

 

Can we start with a quick small browser cleanup tool

 

Please download avast! Browser Cleanup to desktop
This tool simply serves to find and delete pesky and unwanted toolbars and plug-ins from your browser(s).

Simply download and run the Browser Cleanup utility. Once you run the utility, you will see a list of bad and good toolbars and plug-ins and be able to disable or to remove them.

More "general info" here: http://www.avast.com/faq.php?article=AVKB115

 

Thank You.



#3 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 02 January 2015 - 08:47 AM

Hi Noknojon,

 

I don't have the Orange toolbar added to any of my web browsers. I just can't uninstall it from my laptop.

 

I have downloaded and ran the Avast browser cleanup which removed low rated add-ins called Whale SSL Wrapper and Button Class.

 

Do you need the log file?

 

Thanks,

 

Kevin



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:32 AM

Posted 02 January 2015 - 02:22 PM

I don't have the Orange toolbar added to any of my web browsers. I just can't uninstall it from my laptop.

Please explain where and how you know that the Orange Toolbar exists if it is not attached to a browser .........

Most removal methods say that it can be removed via Programs and Features, or that it is an added Toolbar ...

Revo Uninstaller directions are below, but I will dig deeper for you -

 

A compatibility problem exists between the Orange Toolbar and Internet Explorer 8 & 9
Disable the add-on
Run this "general" M/soft Fixit tool > http://go.microsoft.com/?linkid=9708413&entrypointid=MATSKB
To resolve this issue manually, follow these steps:
Close all Internet Explorer windows.
Open a new Internet Explorer window.
When you see the message that states “Manage add-ons” for the Orange Toolbar, click Always open Internet Explorer without this add-on.
The add-on will be disabled and will not be loaded again when you start Internet Explorer.

Orange has an article in its knowledge base called: How to uninstall the Orange search toolbar. You can find it by searching Google for "Article ID: kb3247" or clicking Here.
NOTE : Do the removal with only one browser window open, and reboot your PC afterwards.
 

 

If you can "see" this item in your installed list or as a desktop item then use Revo Uninstaller -
Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall this program, click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers....(be patient here ! ) click Next.
  • Check / tick the bolded items Only, then click  DELETE
  • When prompted click on Yes and then on next.   
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

Also please read How to use Revo Uninstaller


Edited by noknojon, 02 January 2015 - 02:43 PM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:32 AM

Posted 02 January 2015 - 03:13 PM

As an extra to the above - Orange Toolbar is a widely used Installed Program and Not an infection.

 

For a few other clean outs please follow the list of programs below. Install them to Desktop and Copy and Paste all logs.

Some of the listed programs are often updated, so if an update is offered, please use it, or Delete your old version and install the Newer version.

If you have problems, or do not understand something, please tell us.

 

 

:step1: Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1:: If any security program requests permission to access the Internet, allow it to
Note 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, (or similar) restart computer and Security Check should run

 

 

 

:step2: Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

:step3: Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.

Do not reboot your computer until you complete the next step.

:step4:  :Now :

  • Download AdwCleaner by Xplode from Here or Here and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.
     Next
  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • **Copy and Paste the contents of that log in your next reply.**
  • To restore an item that has been deleted by accident : Open the program again,
  • Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.



:step5: Please download Junkware Removal Tool to your desktop.
* Temporarily Disable your Antivirus now to avoid potential conflicts.

  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

     

     

  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

:step6: Please download Malwarebytes Anti-Malware 

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

Please post a report as to how the computer is performing after you post these logs

 

Thank You -



#6 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2015 - 10:26 AM

Hi,

 

I must have installed the Orange toolbar on my laptop in the past when I had a mobile phone with Orange. I noticed it was installed on my laptop when I looked in programs and features to see what programs I could uninstall as my laptop is slow to startup and use.

 

I got the following error trying to uninstall the Orange toolbar using Revo Uninstaller but I have managed to uninstall it using your instructions: -

"Orange3.dll cannot be unregistered"

 

Please find the logs you asked for below in order. I am not sure what to clean from the results of Adware Cleaner and I would be great full of your advise on this? I think the Babylon search is adaware but not sure about the rest.: -

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Bitdefender Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)  
 Java 7 Update 67 
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235 
 Adobe Reader XI 
 Mozilla Firefox (35.0)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent```````` 
 Bitdefender Bitdefender vsserv.exe 
 Bitdefender Bitdefender updatesrv.exe 
 Bitdefender Bitdefender bdagent.exe 
 Bitdefender Bitdefender pmbxag.exe 
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Kevin (administrator) on 03-01-2015 at 14:10:00
Running from "C:\Users\Kevin\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2015 04:23:55 PM) (Source: uagqecsvc) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.

Error: (01/02/2015 04:23:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: cmcore.exe, version: 2014.10.14.69, time stamp: 0x543d0cfd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc000000d
Fault offset: 0x00099136
Faulting process id: 0x7c0
Faulting application start time: 0xcmcore.exe0
Faulting application path: cmcore.exe1
Faulting module path: cmcore.exe2
Report Id: cmcore.exe3

Error: (01/01/2015 09:59:40 PM) (Source: uagqecsvc) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot access the service control manager (SCM).
System error 1115: A system shutdown is in progress. (0x45b).

Error: (01/01/2015 09:59:40 PM) (Source: uagqecsvc) (User: )
Description: The Network Access Protection (NAP) Agent issued an updated statement of health notification.
The Microsoft Forefront UAG Quarantine Enforcement Client component cannot read the list of System Health Validators.
HRESULT value: 0x8007045B.

Error: (01/01/2015 09:59:37 PM) (Source: uagqecsvc) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.

Error: (01/01/2015 09:59:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: cmcore.exe, version: 2014.10.14.69, time stamp: 0x543d0cfd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc000000d
Fault offset: 0x00099136
Faulting process id: 0x780
Faulting application start time: 0xcmcore.exe0
Faulting application path: cmcore.exe1
Faulting module path: cmcore.exe2
Report Id: cmcore.exe3

Error: (12/30/2014 08:41:52 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: Your backup configuration is not valid. Review your backup settings. (0x81000029).

Error: (12/24/2014 11:41:33 AM) (Source: Microsoft-Windows-RestartManager) (User: Kevin-PC)
Description: Application or service 'Windows Search' could not be shut down.

Error: (12/24/2014 11:41:12 AM) (Source: Microsoft-Windows-RestartManager) (User: Kevin-PC)
Description: Application or service 'Windows Live Mail' could not be shut down.

Error: (12/24/2014 10:12:25 AM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: Your backup configuration is not valid. Review your backup settings. (0x81000029).

System errors:
=============
Error: (01/03/2015 01:13:49 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (01/03/2015 01:13:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/03/2015 01:11:35 PM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (01/03/2015 01:12:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:44:10 on ‎02/‎01/‎2015 was unexpected.

Error: (01/02/2015 10:41:42 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (01/02/2015 10:41:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/02/2015 10:39:45 PM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (01/02/2015 10:40:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 22:36:56 on ‎02/‎01/‎2015 was unexpected.

Error: (01/02/2015 10:05:30 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/02/2015 10:05:29 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (01/02/2015 04:23:55 PM) (Source: uagqecsvc)(User: )
Description: 1115A system shutdown is in progress. (0x45b)

Error: (01/02/2015 04:23:54 PM) (Source: Application Error)(User: )
Description: cmcore.exe2014.10.14.69543d0cfdntdll.dll6.1.7601.18247521ea8e7c000000d000991367c001d026878cc966b8c:\program files (x86)\cmcm\Clean Master\cmcore.exeC:\Windows\SysWOW64\ntdll.dllbe1e6c42-929b-11e4-a08e-001e68e66892

Error: (01/01/2015 09:59:40 PM) (Source: uagqecsvc)(User: )
Description: 1115A system shutdown is in progress. (0x45b)

Error: (01/01/2015 09:59:40 PM) (Source: uagqecsvc)(User: )
Description: 0x8007045B

Error: (01/01/2015 09:59:37 PM) (Source: uagqecsvc)(User: )
Description: 1115A system shutdown is in progress. (0x45b)

Error: (01/01/2015 09:59:36 PM) (Source: Application Error)(User: )
Description: cmcore.exe2014.10.14.69543d0cfdntdll.dll6.1.7601.18247521ea8e7c000000d0009913678001d0260d52a90443c:\program files (x86)\cmcm\Clean Master\cmcore.exeC:\Windows\SysWOW64\ntdll.dll7951b2a3-9201-11e4-9b64-001e68e66892

Error: (12/30/2014 08:41:52 PM) (Source: Windows Backup)(User: )
Description: Your backup configuration is not valid. Review your backup settings. (0x81000029)

Error: (12/24/2014 11:41:33 AM) (Source: Microsoft-Windows-RestartManager)(User: Kevin-PC)
Description: 1SearchIndexer.exeWindows Search03026216118680

Error: (12/24/2014 11:41:12 AM) (Source: Microsoft-Windows-RestartManager)(User: Kevin-PC)
Description: 1C:\Program Files (x86)\Windows Live\Mail\wlmail.exeWindows Live Mail0111743880

Error: (12/24/2014 10:12:25 AM) (Source: Windows Backup)(User: )
Description: Your backup configuration is not valid. Review your backup settings. (0x81000029)

CodeIntegrity Errors:
===================================
  Date: 2014-02-12 23:06:39.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.2.9200.16384_none_0edc8545e871119d\bcryptprimitives.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:39.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.2.9200.16384_none_0edc8545e871119d\bcryptprimitives.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:39.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.2.9200.16384_none_0edc8545e871119d\bcryptprimitives.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:39.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.2.9200.16384_none_0edc8545e871119d\bcryptprimitives.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:28.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.2.9200.16384_none_6745ff9db87675c9\webservices.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:28.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.2.9200.16384_none_6745ff9db87675c9\webservices.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:28.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.2.9200.16384_none_6745ff9db87675c9\webservices.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:28.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.2.9200.16384_none_6745ff9db87675c9\webservices.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:25.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-userenv_31bf3856ad364e35_6.2.9200.16384_none_e90a11d7d5070f99\userenv.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 23:06:25.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-userenv_31bf3856ad364e35_6.2.9200.16384_none_e90a11d7d5070f99\userenv.dll because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================
3 WiFi Manager (HKLM-x32\...\3 WiFi Manager) (Version: 11.302.04.08.156 - Huawei Technologies Co.,Ltd)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVerMedia TV Tuner Card 1.0.0.4 (HKLM-x32\...\AVerMedia TV Tuner Card) (Version: 1.0.0.4 - AVerMedia TECHNOLOGIES, Inc.)
BatteryCare 0.9.20 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.20 - Filipe Lourenço)
BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix Authentication Manager (x32 Version: 3.0.0.47031 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Connectify Hotspot (HKLM\...\Connectify) (Version: 3.7.1.25486 - Connectify)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dokan Library 0.5.3 (HKLM-x32\...\DokanLibrary) (Version:  - )
EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
EaseUS Todo PCTrans 8.0 (HKLM-x32\...\EaseUS Todo PCTrans_is1) (Version:  - EaseUS)
eSupport UndeletePlus 3.0.5.506 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version:  - Copyright © 2011 eSupport.com • All Rights Reserved)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.109 - FlashPeak Inc.)
get_iplayer 4.8 (HKLM-x32\...\get_iplayer) (Version: 4.8 - infradead.org)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3123 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3123 - Hewlett-Packard) Hidden
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer (HKLM-x32\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
InvisibleHand (HKLM-x32\...\{4B0BA7AA-10BE-432D-92AF-577D5A8E595E}) (Version: 1.0.10 - InvisibleHand)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
JMicron JMB38X Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.5.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go Video Playback Engine 2.0.107.08290 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.107.08290 - Sony)
MediaPortal 2 (HKLM-x32\...\{8332146C-EBE1-4601-A3E4-204D9C15E4C0}) (Version: 2.0.0.1409 - Team MediaPortal)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (EONENERGYFIT) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 4.2.18 (HKLM\...\{230C9C86-26A9-437F-8152-34D5F4C3F680}) (Version: 4.2.18 - Oracle Corporation)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Paragon Backup and Recovery™ 11 Compact Edition (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PE Builder 3.1.10a (HKLM-x32\...\PE Builder_is1) (Version:  - Bart Lagerweij)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PS5520FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1201.78 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Resident Evil 6 Benchmark Tool (HKLM-x32\...\Steam App 229950) (Version:  - Capcom)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Sense (HKLM-x32\...\Sense) (Version: Build 187 - The Open University)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.7.29 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.108 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.108 - Sony)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars Empire at War Forces of Corruption Demo (HKLM-x32\...\{A6D1A6E1-8A6B-4C49-8FF5-2AFEDFBFE4FA}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TP-LINK TL-WDN3200 Driver (HKLM-x32\...\{C0C6BCBC-0884-4C66-B5EF-0B7668FE2B10}) (Version: 1.3.1 - TP-LINK)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Ultimate Soccer Manager 98-99 (HKLM-x32\...\Ultimate Soccer Manager 98-99) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual CertExam Suite 1.9 (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Visual CertExam Software)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.1.4.16648 - VMware, Inc)
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.07.0000 - Western Digital Technologies)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Memory Optimizer 3.32 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.32 - WiseCleaner.com, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.3972 - Zinio LLC) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8189.84 MB
Available physical RAM: 5733.45 MB
Total Pagefile: 15224.52 MB
Available Pagefile: 12619.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3986.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:8.42 GB) NTFS

========================= Users: ========================================

User accounts for \\KEVIN-PC

Administrator            Guest                    Kevin                   
Lorraine                

**** End of log ****

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2015 02:48:21 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/03/2015 02:50:38 PM
Execution time: 0 hours(s), 2 minute(s), and 17 seconds(s)

 

# AdwCleaner v4.106 - Report created 03/01/2015 at 15:03:23
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****

Service Found : Skype C2C Service

***** [ Files / Folders ] *****

File Found : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\jtlp8uj3.default-1405780090041\searchplugins\search.xml
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\Program Files (x86)\Sense
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sense
Folder Found : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\532dcd0b53fb914
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\BrowserMngr
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\532dcd0b53fb914
Key Found : HKLM\SOFTWARE\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\oneclick
Key Found : HKLM\SOFTWARE\Classes\oneclickmg
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6D1A6E1-8A6B-4C49-8FF5-2AFEDFBFE4FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Sense
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0 (x86 en-US)

-\\ Google Chrome v

[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109217&tt=3612_5&babsrc=SP_ss&mntrId=842913ee00000000000000234d2e3e20
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109217&tt=3612_5&babsrc=SP_ss&mntrId=842913ee00000000000000234d2e3e20
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=GB&install_date=20121210&user_guid=423DEAE3C6D1449BB36C04E9484A532D&machine_id=3042807b267e8056adcdea7128881f56&browser=CR&os=win&os_version=6.1-x64-SP1

*************************

AdwCleaner[R0].txt - [5795 octets] - [03/01/2015 15:03:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5855 octets] ##########



#7 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2015 - 10:46 AM

I also get this error in IE web browser trying to open Hotmail.com or outlook.com or .co.uk websites:-

 

Internet Explorer cannot display the web page    

Launch HP Network Check

An issue prevented Internet Explorer from displaying the web page.  Click the button above to launch HP Network Check to automatically diagnose and repair the issue.

About HP Network Check

  • Can automatically detect, diagnose and repair many common network issues

  • Integrated with Windows Network Diagnostics Framework, so it runs both simultaneusly

  • Provides clear instructions to resolve issues that cannot be fixed automatically

  • Shows key system and network information for easier troubleshooting



#8 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2015 - 11:03 AM

I ran HP network check as advised and got the following result: -

"Connection Status: -

No issues found with the connection. Your browser page was also attempted to refresh with the following website you where having problems connecting to: - "https://www.hotmail.com"



#9 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2015 - 03:43 PM

# AdwCleaner v4.106 - Report created 03/01/2015 at 18:47:00
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sense
Folder Deleted : C:\Program Files (x86)\eSupport.com
[x] Not Deleted : C:\Program Files (x86)\Sense
Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\jtlp8uj3.default-1405780090041\searchplugins\search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\532dcd0b53fb914
Key Deleted : HKLM\SOFTWARE\532dcd0b53fb914
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ParetoLogic
[x] Not Deleted : HKLM\SOFTWARE\Sense
Key Deleted : HKLM\SOFTWARE\Uniblue
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6D1A6E1-8A6B-4C49-8FF5-2AFEDFBFE4FA}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109217&tt=3612_5&babsrc=SP_ss&mntrId=842913ee00000000000000234d2e3e20
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109217&tt=3612_5&babsrc=SP_ss&mntrId=842913ee00000000000000234d2e3e20
[C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=GB&install_date=20121210&user_guid=423DEAE3C6D1449BB36C04E9484A532D&machine_id=3042807b267e8056adcdea7128881f56&browser=CR&os=win&os_version=6.1-x64-SP1

*************************

AdwCleaner[R0].txt - [5967 octets] - [03/01/2015 15:03:23]
AdwCleaner[S0].txt - [5495 octets] - [03/01/2015 18:47:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5555 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Kevin on 03/01/2015 at 19:01:01.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/01/2015 at 19:17:33.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/01/2015
Scan Time: 19:31:40
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.10
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495343
Time Elapsed: 53 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, Quarantined, [8d740b5ef08c55e11abb35a8da288b75],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, Quarantined, [8d740b5ef08c55e11abb35a8da288b75],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [c33e2544700cd264dbcf9050d2306e92],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [c33e2544700cd264dbcf9050d2306e92],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentBar, Quarantined, [6c952c3d5c203df9812e5819f60d847c],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [79885118413b31056f420f629271ca36],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-815093258-3654837366-4000460123-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [709194d5a7d5e254b62eec7d847fe31d],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [f40dd8913448ae88ddd4bcb511f202fe],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [c53c59102f4d0b2b8f554d1ca55ee818],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [22df88e1d8a4a096f2bf1a57d23138c8],

Registry Values: 2
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, úâ?¬s¿´ã²M¯>Ââ?¡Æ?¤[ü, Quarantined, [8d740b5ef08c55e11abb35a8da288b75]
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-815093258-3654837366-4000460123-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, Quarantined, [d42d3930473579bd746119c4c63c9d63],

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Spyeyes, C:\Recycle.Bin, Quarantined, [33ceee7b5e1ebe7821068aa01de606fa],

Files: 1
PUP.Optional.OpenCandy, C:\Users\Kevin\Downloads\PowerISO6.exe, No Action By User, [9869fe6bc0bcf5411714d9d414f16b95],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:32 AM

Posted 03 January 2015 - 04:12 PM

Based on this item alone ""Trojan.Spyeyes"" that may have been removed, and is just left in Recycle Bin I would still prefer the topic be handled by the Malware Removal Team

 

A new version of the SpyEye 'trojan horse' software not only steals your money, it then offers false reassurance that it's still there.

A report from the Daily Mail
 

Trojan:Win32/Spyeye is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing"

and from Microsoft

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. Note: Windows 8.1 Users will not be able run DDS and create a log

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 

 

Thank You -



#11 Kevmany

Kevmany
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2015 - 05:10 PM

Thanks Noknojon,

 

I appreciate you making me aware of this trojan. It looks quite nasty.

 

I have ran DDS and created a new post on the Virus, trojan, spyware and malware removal forum and added the required logs.

 

Kevin



#12 hamluis

hamluis

    Moderator


  • Moderator
  • 54,865 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:32 PM

Posted 03 January 2015 - 08:49 PM

Reference:  http://www.bleepingcomputer.com/forums/t/561980/laptop-infected-with-trojanspyeyes/ .

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users